What is EMV?
EMV – Eurocard, MasterCard, and Visa – is an international credit card technology standard featuring an embedded chip. The chip generates a unique identity code that changes with each use. Coupling the chip with the POS (Point of Sale) credit card reader and the credit authorization process results in a far more secure transaction than the swipe methodology that is the US standard today. That is because the function of the embedded chip cannot be duplicated easily (though extraordinarily unlikely, nothing is foolproof). Without flawlessly simulating the chip’s data, a fraudulent transaction will not be approved.
Europe and Asia have been using a similar technology called “Chip and PIN” that employs both an embedded chip and a requirement that the user enter a PIN (Personal Identity Number) for every transaction. It takes the EMV concept a step farther with the addition of the PIN, however I suspect that because the “E” in EMV is Eurocard then EMV implies that Europe will dispense with (or make optional) the PIN at some point in the not-too-distant future.
I liked how the card never left my host’s presence in a European restaurant because a POS terminal was brought to our table for the purpose of reading the card and permitting him to enter his PIN.
Since it is not possible to process a credit card online that way, some issuing banks provide upon request a one-time credit card number associated with the actual card or a bank account. It is used exactly as you would a current credit card (number, expiration date, and CVV are provided) but it self-destructs after use, ensuring that it cannot be reused by a criminal who obtains it from an online retailer’s system.
Why are we hearing about EMV now?
The credit card industry has been quietly working on implementing the EMV standard for the past two years. In fact, it set an implementation deadline of October 1, 2015. As of then, approximately 60% of the credit cards in the wild in the USA did not conform. The tendency has been to replace cards of those with incomes of $75,000 and higher at twice the rate as of lower income levels, and people from urban/suburban areas are more likely to see new cards than their country cousins. It is expected that credit card holders will receive the chip-enabled cards by the end of the year; debit card holders will have to wait until next year.
A significant number of retailers are also behind the curve, yet optimism remains firm that both the retailers and the issuers will come into compliance reasonably soon. Consumers will have to be even more vigilant at gas stations because they will not be upgraded until 2017.
EMV is good for customers, what is in it for issuers and retailers?
We have already seen why consumers will benefit from EMV. The added security and the built-in safeguards against theft are huge pluses. Some old habits will have to change though because the cards will no longer be swiped through a slot in a POS terminal, they will be dipped instead. To dip a card, the consumer will insert it into a slot where it will remain until the transaction has been completed. This is necessary to enable the communications between the chip, the terminal, and the credit processor.
Retailers who have not implemented the new POS terminals will be fully liable for any loss due to credit fraud. Since less than 30% of merchants are ready (as of Oct 1), more than 70% have vastly increased their potential losses and should be highly incentivized to implement the new terminals. There will be, no doubt, a number of small businesses that may consider the potential risk to be of less cost than the upgrade of terminal equipment, but they may discover their loyal customers find safety in transactions of greater value than the personal relationship with the retailer. Time will tell.
Is EMV a security panacea?
No. Chip-enabled cards will greatly enhance security at the retail point of sale where compliant POS terminals are in use. Traditional swipe terminals, gas stations, other non-compliant retail locations, and online shopping will remain viable and sought after targets of fraud. The consumer must always remember one immutable law of business: “caveat emptor” – “let the buyer beware.” The consumer must always be his/her first and best line of defense because retailer liability may result in a refund, but the fraud will still consume your good credit until (and often well after) it is identified and reversed.